Add a Switch Behind an Internet Gateway
If you are adding a Virtual Chassis, ensure that you prepare the Virtual Chassis for onboarding to CSO. See Prepare a Virtual Chassis for Onboarding to CSO for details.
To add a switch behind an Internet gateway for managing by CSO:
- Select Resources > Site Management.
The Sites page appears.
- Click Add and select Add On-Premise Spoke
The Add Site for Tenant-Name page appears.
- Complete the configuration according to the guidelines
provided in Table 1.
Fields marked with an asterisk (*) are mandatory.
- Review the configuration from the Summary tab.
(Optional) Click the Edit links within the summary to go directly to a specific page of the wizard and modify the configured settings.
- Click OK to add the
After you click OK, site activation is initiated and the Site Activation: Site-Name page appears. If you add multiple switches, the progress of the steps executed for activating each switch is displayed.
If the Zero Touch Provisioning (ZTP) toggle button is enabled (default), CSO pushes the stage-1 and stage-2 configurations and provisions the switch.
This process occurs immediately after the activation process, for which you entered the activation code or selected auto-activation.
Stage-1 configuration is the initial configuration that allows basic connectivity to a device, which is pushed to the device.
The configuration that is pushed to the device after it has connected to CSO is called stage-2 configuration.
If you disabled the Zero Touch Provisioning (ZTP) toggle button, you must manually configure the stage-1 configuration (as provided by CSO) on the switch.
To manually configure the stage-1 configuration:
- On the Site Activation: Site-Name page, the Click to copy stage-1 configuration link appears after the Prestage Device step completes successfully.
- Click the Click to copy stage-1 configuration link.
The stage-1 configuration page appears displaying the stage-1 configuration to be copied to the EX Series device.
- Copy the stage-1 configuration and log in to the console of the EX Series switch.
- Enter the configuration mode, paste, and commit the configuration.
After the stage-1 configuration is committed, the switch has the outbound SSH configuration to connect with CSO.
CSO then provisions the switch.
Table 1: Fields on the Add Site for Tenant-Name Page ( LAN Capability)
Enter a unique name for the site. You can use alphanumeric characters and hyphen (-). The maximum length allowed is 32 characters.
Select a site group to which you want to assign the site.
Select LAN to include LAN capabilities in the site.
Address and Contact Information
Enter the street address of the site.
Enter the city where the site is located.
Enter the state or province where the site is located.
Enter the postal code for the site.
From the list, select the country where the site is located. Click the Validate button to verify the address.
If you enter the wrong address and click the Validate button to verify the address, the Site address could not be validated message is displayed.
Enter the name of the contact person for the site.
Enter the e-mail address of the contact person for the site.
Enter the phone number of the contact person for the site.
Domain Name Server (DNS)
Specify one or more IPv4 addresses of the DNS server. To enter more than one DNS server address, type the address, press Enter, and then type the next address, and so on.
DNS servers are used to resolve hostnames into IP addresses.
Specify the IP addresses of one or more NTP servers.
Select the time zone of the site from the list.
Displays the switches that you have added to the site.
Displays the VLANs and their IDs that you configured on the switch.
Table 2: Fields on the Add LAN Segment Page when Adding a Site With LAN Capability
Add LAN Segment
Enter a name for the VLAN.
The name for a VLAN should be a unique string of alphanumeric characters and some special characters (. -). No spaces are allowed and the maximum length allowed is 15 characters.
Enter the VLAN ID for the VLAN.
Range: 2 through 4093.
Table 3 describes the fields on the Add New Switch page.
Table 3: Fields on the Add New Switch page
Enter a unique name for the switch.
You can use alphanumeric characters and hyphen (-). The maximum length allowed is 15 characters.
Select the type of switch—EX2300, EX3400, EX4300, EX4600, and EX4650.
Select the model for the switch you specified in the Device Type field.
The models vary in the number and type of ports the switch contains. For example, If you selected EX3400, select a model such as EX3400-24P, EX3400-48P, EX3400-24T among others.
Click the toggle button to enable or disable (default) adding the switch as a Virtual Chassis.
If you enable this toggle button, you must select the method of provisioning the Virtual Chassis.
Select the method of provisioning the Virtual Chassis:
For both these methods, ensure that:
Master Serial Number
If you selected Auto Provisioning, enter the serial number of the Primary (from the fully-formed Virtual Chassis).
To obtain the serial number, log in to the CLI of any device that is part of the fully-formed Virtual Chassis, in operational mode, and enter show virtual-chassis.
The list of the member devices in the Virtual Chassis, along with the serial number and role appear. The primary device is indicated as Master under Role.
Alternatively, you can view the serial number on the barcode sticker, which is on the rear-panel of the switch.
If you selected Pre Provisioning, enter the serial numbers of all the devices (from the fully-formed Virtual Chassis or based on what roles you decide to assign each Virtual Chassis member), and also select the member type and model from the list.
Click the Add (+) icon to add a member or the Remove (-) icon to remove the last added member. For information on the number of devices that can be added, see Supported Device Types, Modes, and Number of Members Allowed in a Virtual Chassis
Note: The Routing Engine toggle button corresponding to Member 0 is always enabled, indicating that Member 0 always acts as the primary.
To select a member as backup, click to enable the Routing Engine toggle button corresponding to that member; the remaining members act as line cards.
If you disabled the Virtual Chassis toggle button, specify the serial number of the physical switch.
To obtain the serial number, log in to the CLI of the switch in operational mode and enter show chassis hardware. Alternatively, you can view the serial number on the barcode sticker, which is on the rear-panel of the switch.
The serial number is a case-sensitive, alphanumeric string.
Zero Touch Provisioning
Click the toggle button to enable or disable zero-touch provisioning (ZTP) of the switch through ZTP.
If you disable ZTP, you must manually copy and paste the Stage-1 configuration on the switch during site activation. See Step 5 for details.
Select the boot image from the list if you want to upgrade the image for the switch.
The boot image is the latest device image that is uploaded to the image management system. The boot image is used to upgrade the device when the CSO starts the ZTP process.
If the boot image is not provided, then the device skips the automatic upgrade procedure. The boot image is populated based on the device template that you have selected while creating a site.
Note: This option is not available for a Virtual Chassis.
To provision a Virtual Chassis in CSO, you must manually upgrade the image to either JUNOS 18.4R2.7 or 18.4R3.3.
Click the toggle button to enable (default) or disable automatic activation of the switch when the switch is detected by CSO (that is, management status of the device is Device_Detected).
When you enable this field, zero-touch provisioning (ZTP) of the switch is automatically triggered when the device communicates with CSO.
Note: The switch must be powered on for automatic activation when you enable this option.
If you disabled the Auto activate field, enter the activation code to be used for manually activating the switch
For information on manually activating a switch, see Manually Activating a Switch.
Table 4 describes the tabs on the Switch Configuration page.
The Access Profiles tab and Port Profiles tab are available only if you have added a physical switch or a preprovisioned Virtual Chassis, and the selected switches are of the same device type and model. If you have added an autoprovisioned Virtual Chassis, only the Configuration Templates tab is available. The Port Profiles tab is unavailable because, in the case of autoprovisioning, port profiles can be configured only after provisioning the Virtual Chassis. The Access Profiles tab is unavailable because the access profile requires a RADIUS authentication server to be added to it. The parameters related to communication between the RADIUS server and the supplicant are defined in the authentication profile , which is, in turn, referenced by the port profile.
Table 4: Tabs on the Switch Configuration page
Displays the list of access profiles available in CSO. The list is populated from the Access Profiles page (Configuration > SD-LAN > Access Profiles).
You can also click the Search icon to search for a specific access profile in the list.
For details of the fields displayed on the Access Profiles table, see About the Access Profiles Page.
Optional: You can select an access profile from the list to assign it to the switch.
Displays the list of interfaces (ports) available in CSO.
You can also click the Search icon to search for a specific port in the list.
Optional: To assign port profiles and VLAN IDs to the ports:
Displays the list of configuration templates. This list is filtered based on the device that you select.
Configuration templates are predefined stage-2 templates that are added by your OpCo administrators or SP administrators.
To add configuration templates and set the parameters for the selected configuration templates:
After you onboard a switch, you can either add one or more switches to the site containing the switch (see Add Switches to an Existing SD-LAN Site) or configure the switch in your network (see the Configure an EX Series Switch chapter in this guide).